Mac OS X Snow Leopard support
PGP® Whole Disk Encryption supports Mac OS® X Snow Leopard (32- and 64-bit).
PGP Whole Disk Encryption includes Boot Camp support for Mac OS X.

Microsoft Windows 7 support
PGP Whole Disk Encryption supports Microsoft Windows 7 (32- and 64-bit).

Linux Ubuntu and RedHat support
PGP Whole Disk Encryption for Linux® supports Ubuntu® and Redhat®.

PGP Whole Disk Encryption locks down the entire contents of a system or an external or USB flash drive. Boot sectors, system files, and swap files are all encrypted. Whole disk encrypting the boot drive means not having to worry if a computer is lost or stolen: to access data, an attacker would need the appropriate passphrase.

Multiple Ways to Share Data
Users can create storage-independent encrypted containers for transport and sharing of specific files using PGP Self-Decrypting Archive, PGP Virtual Disk, and PGP Zip.

• PGP Self-Decrypting Archives (SDAs) - Puts files and folders into an encrypted, compressed package that can be opened on a Windows system that does not have PGP Messaging or PGP Desktop installed. SDAs are the perfect solution for securely exchanging files with someone who does not have PGP software installed.
• PGP Virtual Disk volumes - Uses part of the hard drive space as an encrypted virtual disk volume with its own drive letter. A PGP Virtual Disk is the perfect place for storing sensitive files; it is as if they are stored in a safe. When the door of the safe is open (when the volume is mounted), files can be changed, taken out or moved into it. Otherwise (when the volume is unmounted), all the data on the volume is protected. PGP Virtual Disks are also self-expanding: they automatically grow to accommodate increases in data size, eliminating initial space allocation constraints.
• PGP Zip - Adds any combination of files and folders to an encrypted, compressed, portable archive. PGP Desktop must be installed on a system to create or open a PGP Zip archive. PGP Zip is a tool for securely archiving sensitive data, whether to distribute it to others or to back it up.

Secure File Deletion
PGP Shredder completely destroys files and folders so that even file recovery software cannot recover them. Deleting a file using the Windows Recycle Bin does not actually delete it; it sits on the drive and eventually gets overwritten. Until then, it is trivial for an attacker to recover that file. PGP Shredder, in contrast, immediately overwrites files multiple times. This is so effective that even sophisticated disk recovery software cannot recover these files. This feature also completely wipes free space on drives so that deleted data is truly unrecoverable.

Key Management
The private key decrypts messages sent encrypted to the public key and secures the PGP Virtual Disk volumes. Public keys encrypt messages to others or to add users to PGP Virtual Disk volumes.

Single Sign-on to Windows
Provides simplified login experience using existing Windows' password.

Partition-based Encryption
Partition-based encryption enables PGP Whole Disk Encryption to encrypt only designated disk partitions, providing added compatibility for systems with multiple operating systems or existing recovery partitions.

Extended Pre-boot Smart Card Support
PGP Whole Disk Encryption performs preboot authentication using a variety of smart cards.

For (optional use) in a centrally managed environment with PGP Universal Server:
Centralized Management, Deployment, & Policy
Automate provisioning, user and key management, and policy enforcement across email, disk, removable media, and network file encryption using PGP Universal Server's Web-based management console. Role-based administrative access enables administrative separation of duties.

Event Logging
Comprehensive logs record all administrative and disk encryption operations for auditing and security best practices.

Recovery Passphrase

• Automatic generation and central storage of unique one-time-use recovery passphrase enables remote assistance.
• Automatically resets the recovery passphrase after each use, reducing administrative overhead.

Multiple Platform Support
PGP Whole Disk Encryption supports Windows, Mac OS X and Linux, including Microsoft Windows 7, Mac OS X Snow Leopard, Ubuntu and RedHat.

Policy-Driven Encryption of Removable Media
PGP Whole Disk Encryption users managed by PGP Universal Server automatically apply encryption of removable media according to policy, ensuring consistent data protection for these easily lost devices.

Partition Encryption Deployment
Administrators in a PGP Universal-managed environment may now configure encryption of only the boot partition or only Windows partitions rather than always encrypting entire disks.

Domain Administrator Restart Bypass
Windows System and Administrator account(s) may now engage a mode to bypass WDE authentication on the next restart by utilizing the privileges of the administration account to act as the authenticated user. This feature enables administrators to perform remote software installations requiring a restart of the target computer. Use of this feature is logged to the PGP Universal Server.

Supported Operating Systems

Windows®

• Microsoft Windows 7 (all 32- and 64-bit editions)
• Microsoft Windows Vista (all 32- and 64-bit editions, including Service Pack 1 and 2)
• Microsoft Windows XP Tablet PC Edition 2005 (requires attached keyboard)
• Microsoft Windows XP Home Edition (Service Pack 2 or 3)
• Microsoft Windows XP Professional 64-bit (Service Pack 2)
• Microsoft Windows XP Professional 32-bit (Service Pack 2 or 3)
• Microsoft Windows 2000 (Service Pack 4)

Note: The above operating systems are supported only when all of the latest hot fixes and security patches from Microsoft have been applied.

Windows® Server

• Microsoft Windows Server 2008 SP 1 and 2 (32- and 64-bit editions)
• Microsoft Windows Server 2008 R2 (32- and 64-bit editions)
• Microsoft Windows Server 2003 (Service Pack 1 and 2)*
• Microsoft Windows Server 2003 SP 2 (32- and 64-bit editions)*

* Full disk encryption functionality is not supported on Microsoft Windows 2000 Server or Microsoft Windows 2003 Server.

Mac OS® X

• Apple Mac OS X 10.5.x or 10.6.x (Intel-based Macs only)

Linux®

• Ubuntu 8.04 and 9.04 (32-bit versions) and Red Hat Enterprise Linux/CentOS 5.2 and 5.3 (32-bit versions),Ubuntu 8.04 and 9.04 (64-bit versions), Red Hat Enterprise Linux 5.2 and 5.3 (64-bit versions)**

** PGP Whole Disk Encryption for Linux is command line only

Localization

• English
• German
• Japanese
• Spanish
• French

Supported Keyboard Languages

• English, English (US-International)
• Belgian
• Bosnian, Croatian, Serbian and Slovenian
• Canadian Multilingual Standard
• Chinese Simplified (China/Singapore), Chinese Traditional (Hong Kong/Taiwan)
• Czech (QWERTY)
• Danish
• Dutch
• Estonian
• Finnish
• French, French Canadian
• German, German (Germany/Austria), German (Swiss)
• Hungary
• Icelandic
• Irish
• Italian
• Japanese
• Korean
• Norwegian
• Polish
• Portuguese (Brazil), Portuguese (Portugal)
• Romanian
• Spanish, Spanish (Latin America), Spanish Variation
• Swedish
• Swiss French

Authentication Options

• OpenPGP RFC 4880 keys
• X.509 certificates

Symmetric Key Algorithms – PGP Whole Disk Encryption

• AES 256-bit keys

Centralized Management Requirements

• PGP Whole Disk Encryption is centrally managed by PGP Universal Server which requires a dedicated hardware server. For supported hardware and other information, please refer to the PGP Universal Server technical specifications.

Two-Factor Authentication (Windows Only)

Compatible Smart Card Readers for PGP WDE Authentication
The following smart card readers are compatible when communicating to a smart card at pre-boot time. These readers can be used with any compatible removable smart card (it is not necessary to use the same brand of smart card and reader).

Generic smart card readers
Most CCID smart card readers are compatible. The following readers have been tested by PGP Corporation:

• OMNIKEY CardMan 3121 USB for desktop systems (076b:3021)
• OMNIKEY CardMan 6121 USB for mobile systems (076b:6622)
• ActiveIdentity USB 2.0 reader (09c3:0008)
• SCM Microsystem Smart Card Reader model SCR3311
• CyberJack smart card readers
  
  • Reiner SCT CyberJack pinpad (0c4b:0100)
• ASE smart card readers
  
  • Athena ASEDrive IIIe USB reader (0dc3:0802)
• Embedded smart card readers
  
  • Dell D430 embedded reader
  • Dell D630 embedded reader
  • Dell D830 embedded reader

Compatible Smart Cards or Tokens for PGP WDE Authentication (Windows Only)
PGP Whole Disk Encryption is compatible with the following smart cards for pre-boot authentication:

• ActiveIdentity ActivClientCAC cards, 2005 model
• Aladdin eToken PRO 64K, 2048 bit RSA capable
• Aladdin eToken PRO USB Key 32K, 2048 bit RSA capable
• Aladdin eToken PRO without 2048 bit capability (older smart cards)
• Aladdin eToken PRO Java 72K
• Aladdin eToken NG-OTP 32K

Note: Other Aladdin eTokens, such as tokens with flash, should work provided they are APDU compatible with the compatible tokens. OEM versions of Aladdin eTokens, such as those issued by VeriSign, should work provided they are APDU compatible with the compatible tokens.

• Athena ASEKey Crypto USB Token for Microsoft ILM
• Athena ASECard Crypto Smart Card for Microsoft ILM

Note: The Athena tokens are compatible only for credential storage.

• Axalto Cyberflex Access 32K V2
• Charismathics CryptoIdentity plug 'n' crypt Smart Card only stick
• EMC RSA SecurID SID800 Token (v1 and 2)

Note: This token is compatible only for key storage. SecurID is not compatible.

• EMC RSA Smart Card 5200
• Marx CrypToken USB token
• Rainbow iKey 3000
• S-Trust StarCOS smart card

Note: S-Trust SECCOS cards are not compatible.

• SafeNet iKey 2032 USB token
• T-Systems Telesec NetKey 3.0 smart card
• T-Systems TCOS 3.0 IEI smart card
• Personal Identity Verification (PIV) cards
  
  • Oberthur ID-One Cosmo V5.2D PIV cards using ActivClient version 6.1 client software.
  • Giesecke and Devrient Sm@rtCafe Expert 3.2 PIV cards using ActivClient version 6.1 client software.

PGP Whole Disk Encryption for Windows Operating Systems also recognizes and works with smart cards from other vendors if the vendor includes a standards-based PKCS-11 library in its software drivers.

PGP Perpetual License
A PGP Perpetual License with PGP Support entitles the customer to use the designated PGP software indefinitely, plus receive all Upgrades and Updates to the licensed software during the valid PGP Support period. One year of PGP Bronze Support is included with the online purchase of a PGP Perpetual License.

PGP Bronze Support provides customers with access to PGP Support Engineers and the PGP Support Site. PGP Support Engineers are available through interactive chat, private forum, and credit card telephone support. PGP Support must be renewed annually.